home

Screenpresso.exe

Screenpresso

Learnpulse

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Screenpresso’. This is installed with Screenpresso. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts.
Publisher:
Learnpulse  (signed and verified)

Product:
Screenpresso

Version:
1.6.4.0

MD5:
2acfce0a226f6e48af7660d365eb5748

SHA-1:
6288a6105912eb7a4210724649006711c4509d66

SHA-256:
422d8528b536452fae5950e21d8f1478bd1f27cdfe0c7110b8095d43293379b0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 2:01:57 AM UTC  (today)

File size:
11.8 MB (12,369,128 bytes)

Product version:
1.6.4.0

Copyright:
Copyright © Learnpulse 2016

Original file name:
Screenpresso.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe

Digital Signature
Signed by:
Learnpulse

Authority:
Thawte, Inc.

Valid from:
4/20/2016 2:00:00 AM

Valid to:
5/7/2018 1:59:59 AM

Subject:
CN=Learnpulse, O=Learnpulse, L=TOULOUSE, S=Haute Garonne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
667DFE89CA47ADFF057FB913EEF627E4

File PE Metadata
Compilation timestamp:
6/13/2016 9:17:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
196608:7+I6UXHK4Ar39MERswp8cRbAeYgzFi0FCEUkQhr:7QUXiyE7pFRbAeJgT

Entry address:
0xBA5706

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F3, 5D, 5E, 57, 00, 00, 00, 00, 02, 00, 00, 00, 60, 00, 00, 00, 48, 57, BA, 00, 48, 39, BA, 00, 52, 53, 44, 53, 41, 22, 93, 19, 2F, ED, 1C, 4E, B1, F3, 4E, A3, 2A, E3, B6, DE, 01, 00, 00, 00, 63, 3A, 5C, 50, 65, 72, 73, 6F, 5C, 67, 69, 74, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F, 5C, 53, 63, 72, 65, 65, 6E, 70, 72, 65, 73, 73, 6F...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.6 MB (12,204,544 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Screenpresso

Command:
"C:\users\{user}\appdata\local\learnpulse\screenpresso\screenpresso.exe" -startup


The file Screenpresso.exe has been discovered within the following program.

Screenpresso  by LearnPulse
www.screenpresso.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file Screenpresso.exe has been seen being distributed by the following 2 URLs.

http://lb.cdn.m6web.fr/d/c/a/a5954cd96ff2aec0662e7caa3ac4777a/57f6a412/soft/.../screenpresso_1-6-4_fr_311538.exe

http://www.screenpresso.com/.../Screenpresso.exe

Scan Screenpresso.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.